
Active directory user import

ruera
Champ in-the-making
Hi,
I'm new with Alfresco.
After a correct installation, I would now like to understand "how to import and synchronize users from Active Directory/LDAP".
I read many posts but I didn't find any sort of "step by step" procedure.
Question: can someone explain to me the complete process to get users and groups imported from an LDAP?
Thank you in advance for any help.

Ruera
3 REPLIES

meansartin14
Champ in-the-making
I am interested in this topic also.

Anyone?

ofrxnz
Champ in-the-making
So the process is two steps. Hopefully this should get you on track.

First, configure LDAP authentication. After this step is done, AD user accounts will work in Alfresco.

This requires that you rename ldap-authentication-context.xml.sample to ldap-authentication-context.xml
and then configure ldap-authentication.properties to match your environment.

There are a couple of tricks. Here are some of the key lines:

ldap.authentication.java.naming.provider.url=ldap://yourADserverDomainNameOrIPAddress:389

ldap.authentication.java.naming.security.authentication=SIMPLE

This next one is tricky because AD does not follow standards, so you will need to create an "alfresco" user in AD. Because AD is not standards compliant, the Windows user name is not an LDAP user name, so you need to look at the folder name (and path). The below example is for a user with the first name "alfresco" and last name "ldap" and a user name of "alfresco.ldap". I used Apache Directory Studio (http://directory.apache.org/studio/) to find this value. When you navigate to the user, this string will be at the top of the user attribute frame.

ldap.authentication.java.naming.security.principal=CN=alfresco ldap,CN=Users,dc=COMPANY,dc=com

ldap.authentication.java.naming.security.credentials=TheAboveUsersPasswordInPlainText


The second part is to rename ldap-synchronization-context.xml.sample to ldap-synchronization-context.xml. You will have to play with this some, but the directory suite helps.

Then configure the following to sync users:


ldap.synchronisation.personQuery=(objectclass=inetOrgPerson)

In the previous one, "objectclass=inetOrgPerson" is an attribute that only exists in user accounts, and when Alfresco sees it, it knows it is a user.

Set the base folder in AD for users:
ldap.synchronisation.personSearchBase=dc=company,dc=com

Windows usernames attribute:
ldap.synchronisation.userIdAttributeName=sAMAccountName

Configure the following for groups:

ldap.synchronisation.groupQuery=(objectclass=group)
Again, that is one that Alfresco knows to look at as groups.

ldap.synchronisation.groupSearchBase=BaseGroupFolder
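
An added example (not part of the post above and not Alfresco's own code): a small Python check over the ldap-authentication.properties keys quoted in that post, flagging a simple bind sent over unencrypted ldap:// and a plaintext bind password kept in a group- or world-readable file. The host name, password and finding labels are constructed for illustration.

```python
import os
import stat
from urllib.parse import urlparse

PREFIX = "ldap.authentication.java.naming."

# Constructed sample mirroring the settings quoted in the post above.
SAMPLE = """\
ldap.authentication.java.naming.provider.url=ldap://ad.example.com:389
ldap.authentication.java.naming.security.authentication=SIMPLE
ldap.authentication.java.naming.security.principal=CN=alfresco ldap,CN=Users,dc=COMPANY,dc=com
ldap.authentication.java.naming.security.credentials=ConstructedPassword
"""

def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' only (DNs contain '=')."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props, file_mode=None):
    """Return findings for the bind settings; file_mode is the file's st_mode, if known."""
    findings = []
    scheme = urlparse(props.get(PREFIX + "provider.url", "")).scheme
    auth = props.get(PREFIX + "security.authentication", "").lower()
    if scheme == "ldap" and auth == "simple":
        findings.append("cleartext-bind: simple bind over ldap:// sends passwords "
                        "unencrypted; use ldaps:// with a trusted server certificate")
    if props.get(PREFIX + "security.credentials"):
        findings.append("stored-password: keep the bind account low-privilege")
        if file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append("file-perms: properties file readable by group/other")
    return findings

def audit_file(path):
    """Audit a properties file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit(parse_properties(fh.read()), os.stat(path).st_mode)

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE), file_mode=0o644):
        print("WARN", finding)
```
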

marctsg
Champ in-the-making
I was going to make a new topic about this but it seems to make more sense in here.  I noticed that the LDAP sync should be configured not to destroy groups before doing a group sync or users will lose all their site roles and the sites become orphaned.  The sites create their own groups when you set them up and those are gone for good when you do the clear, unfortunately. 

So in spite of what the note says in ldap-synchronization.properties, it's probably not safe to set clearGRoups=true if you plan on using Share.